Friday, June 30, 2017

In case you are a JWPlayer fan (like me), you will most probably reach a point where you'd have to use their API. I am talking mostly about the "JW Player JavaScript API Reference".

I have recently been trying to get all of the sources (.mp4 files of the same video, each with different quality) of the currently playing video item from a playlist with multiple videos (2 or more video items). I have searched a lot online no how to do that but no real help was provided as you see in the link below:

But nothing was helpful, so I had to dig through JWPlayer's API and find out myself how to do it in the Playlist section here. It is definitely very easy and the trick is to simply under their API and use it properly. The code uses JQuery so make sure you import it.

Increasing our top reward from $50,000 to $100,000. Last year we introduced a $50,000 reward for the persistent compromise of a Chromebook in guest mode. Since we introduced the $50,000 reward, we haven’t had a successful submission. That said, great research deserves great awards, so we’re putting up a standing six-figure sum, available all year round with no quotas and no maximum reward pool.

In other technical words, 100,000USD is to be given to whoever can hack its operating system Chromium OS that is updated almost daily from the finest and most talented software engineers.

Sounds like a good deal, yeah? Actually, not. It is worth noting that Google set extremely hard rules and the chance of winning the amount is close to 0. Yes, it is possible to hack a Chromebook but your chances are close to 0. Here is more information about the reward:

We have a standing $100,000 reward for participants that can compromise a Chromebook or Chromebox with device persistence in guest mode (i.e. guest to guest persistence with interim reboot, delivered via a web page).

You need to find a bug in Chromium OS's sandboxing secure mechanism that has been evolving for four years. Sandboxing ensures that each Chrome Extension (they call them apps) is run in a restricted environment and is sandboxed (quarantined, imprisoned). In other words, you need to create a Google Extension and from that extension, you need to locate a bug in Chromium OS, if it does exist I assume.

Once you find this invisible bug, you create an extension that would take advantage of the bug so that it would escalade access and escape the sandbox. All that, you need to in Guest mode.

Once you escape the sandbox, you need to find a second bug that would allow you to tamper with the system and corrupt its files. That is, first, you need to find a third bug that would allow you to access the developer's mode from the guest mode.

One you gain access to the developer's mode from the guest mode, you need a way to break the administrator account inside of the "Linux-based" operating system from a non-privileged account.

Hold on, we're not done yet. It needs to be persistent. That means, once you edit the operating system files, you need to tamper secure boot scripts as well, which double checks the operating system files on boot to see if they were tampered with.

The hack, if found, is probably worth more than USD10,000,000 in the black market, the odds of getting a Chromebook hacked from the "guest" mode is about the same odds of winning the lottery. If you're looking for some quick cash, you might as well go buy a lottery ticket rather than go get a Chromebook and attempt the hacking.

The USD100,000 is just a tiny small amount from Google's pocket, but most importantly, it is a guarantee from Google that their Chromebook is safe, as long as no one wins the bounty, Google would smile and double the amount whenever they want.

Wednesday, June 28, 2017

In few months, A Hacker's Manifesto will turn 31 years old. In honor of this essay, I will repost it on my blog. The Hacker's Manifesto is known as The Conscience of a Hacker. Date released is in January 8, 1986 and the author is The Mentor.

Another one got caught today, it's all over the papers. "Teenager Arrested in Computer Crime Scandal", "Hacker Arrested after Bank Tampering"...

Damn kids. They're all alike.

But did you, in your three-piece psychology and 1950's technobrain, ever take a look behind the eyes of the hacker? Did you ever wonder what made him tick, what forces shaped him, what may have molded him? I am a hacker, enter my world...

Mine is a world that begins with school... I'm smarter than most of the other kids, this crap they teach us bores me...

Damn underachiever. They're all alike.

I'm in junior high or high school. I've listened to teachers explain for the fifteenth time how to reduce a fraction. I understand it. "No, Ms. Smith, I didn't show my work. I did it in my head..."

Damn kid. Probably copied it. They're all alike.

I made a discovery today. I found a computer. Wait a second, this is cool. It does what I want it to. If it makes a mistake, it's because I screwed it up. Not because it doesn't like me...

Or feels threatened by me...

Or thinks I'm a smart ass...

Or doesn't like teaching and shouldn't be here...

Damn kid. All he does is play games. They're all alike.

And then it happened... a door opened to a world... rushing through the phone line like heroin through an addict's veins, an electronic pulse is sent out, a refuge from the day-to-day incompetencies is sought... a board is found.

"This is it... this is where I belong..."

I know everyone here... even if I've never met them, never talked to them, may never hear from them again... I know you all...

Damn kid. Tying up the phone line again. They're all alike...

You bet your ass we're all alike... we've been spoon-fed baby food at school when we hungered for steak... the bits of meat that you did let slip through were pre-chewed and tasteless. We've been dominated by sadists, or ignored by the apathetic. The few that had something to teach found us willing pupils, but those few are like drops of water in the desert.

This is our world now... the world of the electron and the switch, the beauty of the baud. We make use of a service already existing without paying for what could be dirt-cheap if it wasn't run by profiteering gluttons, and you call us criminals. We explore... and you call us criminals. We seek after knowledge... and you call us criminals. We exist without skin color, without nationality, without religious bias... and you call us criminals. You build atomic bombs, you wage wars, you murder, cheat, and lie to us and try to make us believe it's for our own good, yet we're the criminals.

Yes, I am a criminal. My crime is that of curiosity. My crime is that of judging people by what they say and think, not what they look like. My crime is that of outsmarting you, something that you will never forgive me for.

I am a hacker, and this is my manifesto. You may stop this individual, but you can't stop us all... after all, we're all alike.